package com.web.shiro;

import common.utils.Encrypt;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {

    @Override
    //自定义密码比较器,info为身份认证返回的数据信息
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        //1.强转为UsernamePasswordToken对象
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        //2.输入的密码,从upToken获取
        String userPassword = String.valueOf(upToken.getPassword());
        String email = upToken.getUsername();
        //数据库的密码进行了加盐,这里比较需要加盐后比较
        userPassword = Encrypt.md5(userPassword, email);
        //3.获取数据库的密码
        String dbPassword = (String) info.getCredentials();
        //4.比较,false时会抛出异常,由LoginController进行抓取
        return dbPassword.equals(userPassword);
    }
}
